4.1.7 Blogging and Micro-blogging

Blogs – postings of regular user-generated content, usually maintained by an individual with regular entries of commentary, descriptions of events, or other material such as graphics or video – are already well known and need little explanation. Micro-blogging covers sites such as Twitter, Jaiku, Twitxr and Pownce which are a variant of social networking using short messages, usually along the lines of ‘what are you doing now?’ and even publishing images of the place or situation the user is currently in. The popularity of such applications is growing along with the possibility of posting these kinds of messages from any kind of device web browser, mobile phone, IM, etc. The subject matter of micro-blogging tends to involve posts and images taken in public, often involving unwitting and unwilling third parties. Furthermore the use of mobile devices can to add to the amount of location data made available. An important security concern is therefore the protection and proper usage of personal, temporal and geographical information.

4.1.8 Metadata – Tagging and Folksonomies

Image tagging: Typically used in social networking and photo sharing applications, users tag images with names or links to social networking profiles. They may tag images of themselves and crucially also of other people. EULAs and TOUs usually specify that tagging is opt-out, ie, if someone objects to being tagged, they must explicitly make a request to the tagger whom they may not even know. Typically a user uploads an image and tags the image with metadata including the names, profile links or even email addresses of all the people in the image. A key development in this area is the inclusion of face-recognition software in image upload tools. Such software uses face-recognition and machine learning to tag pictures automatically, based on a training period where the user ‘teaches’ the software to recognise the most common faces in their portfolio of pictures 9. As is described in more detail in Security Issues and Recommendations for Online Social Networks 10, this has important privacy implications. The widespread roll-out of such a feature will greatly increase the amount of tags applied to images. RSS files: These files provide metadata on recently updated web content which allows users to aggregate multiple sources in a single reader, which displays summaries of new content instantly without the user having to check for updates. Media metadata such as ID3 files: Media metadata provide information on media embedded in Web 2.0 applications. Folksonomies and tag clouds: Users create community-based metadata schemes to which the members of the community can contribute. Tag clouds provide a visual representation of the relationships between the categories into which a piece of content falls.

4.1.9 Distributed Non-automatable Tasks

One of the uses of the new architectural paradigms is in harnessing the power of many distributed users to perform tasks which cannot be easily automated. This can be used for legitimate business purposes; Mechanical Turk is a good example 11. Such processes can also be used for criminal purposes such as breaking CAPTCHAs using a distributed user-base either paid a small amount for each CAPTCHA broken or otherwise enticed to enter the text of the CAPTCHA 12 13. Web 2.0 Security and Privacy 18